In the context of a computer program, an "external function" is typically a procedure or function located in a library or other repository of functions that is external to the computer program using the external function. External functions are often, but not always, authored by different people or by different entities than the computer programs using those external functions.
Program execution environments that allow external functions to be bound at run time, rather than at link time or compile time, facilitate the maintenance and updating of computer programs because for such programs to be used in such execution environments only the computer programs that are being revised or updated need to be recompiled, while the other modules can be left unchanged. Furthermore, the recompilation process is simplified because the compilation of the revised programs can be performed even if other modules used by the program are not present in the program development system.
However, systems using such program execution environments are vulnerable, because the interfaces between the program modules are usually well specified, or can be determined by third parties, and it is possible for such third parties to therefore use those program modules in ways not sanctioned by the corresponding software license agreements. Alternately, such third parties can allow the system to be subverted by replacing authentic program module with corrupted ones.
This problem is magnified when dealing with cryptographic routines in software that is destined for export from the United States of America to customers or distributors in other countries. It is currently forbidden by U.S. trade law to export software modules that provide general cryptographic capabilities. On the other hand, it is allowed to export programs that use cryptographic capabilities in a limited context and that cannot be used to perform general cryptographic functions outside the limited context of the exported program. In fact, it is commercially important to be able to design software systems for export that use cryptographic functions in an authorized manner. Prior art late bound systems, such as dynamic link libraries (DLLs in the Windows system) or shared objects (.so files in Solaris), attempt to solve this problem by either obscuring the interfaces between software modules, or by providing separate "export only" versions of their software. Providing separate "export only" versions of software products leads to problems in keeping the domestic and export versions "synchronized" with respect to upgrades and maintenance revisions with a single code base.
Another example of a situation where there is a need to limit or prevent use of dynamically linkable modules is an application written by a vendor that wishes to keep some functions in the application private for either trade secret or contractual reasons. Such systems require limiting access to these private functions.